However – if you get a VPN tunnel working (which isn’t terribly hard), then it should be sufficient if most of the network traffic stays local. The traffic that would cross the VPN tunnel should be limited to things like:
– Authentication
– Internal Email
– Internal File Shares
– The occasional remote print job

If you have a backup domain controller (BDC) then you can drop Authentication off the list and add A/D replication, and also some routing stuff.

But – unless there’s a serious need for site-to-site data transfer (like a central database), you should be fine.